EthernetPort
Category:Sasecurity

No connectivity on eth0 port of Mesh node

ANSW:
Try typing mii-tool, which is a program that shows you what is going on with your ethernet. The -h qualifier will show you your options. You do not need to register with Wiana to try it out. You most likely have an ethernet interface that is not being recognized by the software. You might try installing the software to disk if this is feasible.

QUES:
I've downloaded build 25 dev 81 and burned it to CD (that's the newest I could find... Is it really the newest?). It boots and finds my SMC 2532 wireless and 3COM 575C Ethernet cards running at 100MB. "ifconfig eth0" shows my IP as 192.168.1.2. I have eth0 plugged into a Linksys WRT54G router on one of the 4 internal LAN ports. The Linksys is 192.168.1.1. I can't ping the Linksys by IP or get any wired network connectivity. I know the 3COM card works (tested it in WinXP). Ping reports "no route to host." The Linksys is connected to a cable modem with good connectivity via the WAN port. I played with MeshAP almost a year ago as a Proof of Concept, but I don't remember having any problems like this (although my LAN was configured differently - I was using StarBand satellite instead of cable as my backhaul). I don't need to register this node with Wiana before *anything* (even ping?) works, do I?

LAN port security

LAN port security on the 10.x.x.x subnet network

Looking at Jeremy's post it looks like I may be able to stop them seeing each other, but wouldn't that also stop anyone on the wired LAN from being able to communicate with anyone else on the wireless LAN totally? I'd need a more controllable solution to make it work.

----

The answer may lie in the email from Jeremy in "Mesh and RFC1918 (DMZ in 10.0.0/16?)".
It appears that when a Mesh AP is plugged into a 10.X.X.X network, the Mesh AP can only see the gateway, but the Mesh node (or its clients) cannot ping any other devices on the network, nor can any other device ping the Mesh node, with the exception of the gateway. Theoretically, if Peter changes his LAN to 10.X.X.X then that should give him the security he requires.

---

The Watchguard looks like the ticket but the price is more than 2 stand-alone firewalls, so not totally viable. It's good to know at least some systems do support this function. DMZ is unimportant at the moment as they seem to remove the firewall from the DMZ server but still grant full access from the server to the firewalled network. As for a Linux solution, I have thought of that type of system but it's not really suitable to fill people's ceilings with too many large components. Plus I'd prefer the reliability of a new firewall over an old PC. In reality if I install a gateway node in a premises and supply a LAN port on the router for their internal network then it's really their responsibility to make sure they put a firewall between their system and the network. It just would have been nice to offer a simpler solution.

---

I think what you are looking for is a firewall that has 3 or more ports. One outside (Red or untrusted), one inside (Green or trusted), and one or more DMZ (Orange or optional). I personally use Watchguard firewalls (www.watchguard.com) and their X series comes with six interfaces which can be configured so that traffic from one port may flow freely to the others, or it can be secured in any increment you want until there is no ability to connect from one port to another. They are expensive however. I think the least expensive one they have is around $500.00. If you are more adventuresome and like the Linux solutions you can try ipcop (www.ipcop.org). It is similar to MeshAP in that you take a CD and write an image to your hard drive. It will require an Intel-based PC and three NIC interfaces.

----

> My router isn't the DG834G version that has inbuilt wireless, mine is just the standard DG834. I have also looked on Netgear's website and have done a feature comparison between all their routers, and mine doesn't appear to be short on features. I just cannot find anywhere that allows me to route traffic the way I want. All the settings for static routes refer to mapping incoming data on the WAN port. I suppose that makes sense since firewall manufacturers would be expecting threats from outside the network, whereas I am plugging an open network in behind the line of defence. This is not a major problem, it will just require another firewall in between the gateway router and the wired LAN until I find a better way. Once again thanks for all the help Phil, and if you hear of a router that has the ability to separate the internal LAN port traffic, drop me a line.

-----

Just had a chat with one of our Mesh Network users who works for a network security firm. He informs me many backhaul routers (including the latest) with wireless capabilities that have built-in internet modules also have inbuilt guest accounts! which make them an eminently insecure solution? He suggests that you use a non-wireless router for your primary backhaul connection and connect your Mesh box via its Ethernet port to the router.

---

So your wireless clients connect to their local Mesh AP, which routes it to the Mesh AP/Gateway machine and via the router to the backhaul; they do not see the rest of the network. Your other wired machines are set to route to the backhaul or wherever you want them to route to.

I've looked at my router settings (Netgear DG834) and it only seems to route the incoming traffic from the WAN port, not the LAN ports. This is exactly what I wanted to do, but when I couldn't find a way to do it I started asking questions here. I assumed that other people must have come across this problem and found suitable hardware that would route traffic straight out to the net and keep it separate from the local wired LAN. I even tried putting the meshbox in the router's DMZ zone and I could still ping my internal network from a wireless laptop. If I am missing something in the router config I am open to suggestions.

Another option is the PC Engines WRAP with 3 ethernet ports (and two mini-PCI slots) running OpenBSD with pf, giving you traffic shaping, priority scheduling, firewalling, multipath routing and load balancing in one box for about US$130. http://www.openbsd.org/faq/pf/pl/

Double Ethernet cards

Double ethernet cards in a mesh: Hostmapping doesn't work with twin cards. Static IP won't work; it stops the node from performing DNS.

Subject: MeshAPuser Second ethernet card

In February Rob Davis described how to set up a second ethernet card in a MeshAP thus: stick two cards in the box, then ssh in and do:

    ifconfig eth1 0.0.0.0 up
    brctl addif br0 eth1

and see if it gives you the effect you are looking for. If so, add it to /etc/rc.d/rc.local. Look for "Starting captive portal", and try it just below the fi. (Subject then was "Re: MeshAPuser Four wifi cards in a meshap box")
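The mii-tool answer at the top of the page stops at "see what is going on with your ethernet". The script below is an added example, not part of the original posts or of MeshAP, that chases a "no route to host" in the order a practitioner would: carrier first, then address, then kernel route, then whether the gateway answers. The interface and gateway values are assumptions taken from the question (eth0, 192.168.1.1), and the mii-tool output lines used to exercise the classifier are constructed in the format mii-tool prints.

```sh
#!/bin/sh
# Link/route checks for a MeshAP node whose eth0 cannot reach its gateway.
# Added example; IFACE and GATEWAY are assumptions matching the question above.
IFACE=${IFACE:-eth0}
GATEWAY=${GATEWAY:-192.168.1.1}

# Classify one line of mii-tool output as "ok", "no-link", "no-mii" or "unknown".
# Constructed sample lines, in the format mii-tool prints:
#   eth0: negotiated 100baseTx-FD, link ok
#   eth0: no link
#   SIOCGMIIPHY on 'eth0' failed: Operation not supported
link_state() {
    case "$1" in
        *"link ok"*) echo ok ;;
        *"no link"*) echo no-link ;;
        *SIOCGMII*)  echo no-mii ;;
        *)           echo unknown ;;
    esac
}

# Chase "no route to host" bottom-up: carrier, address, route, then the gateway itself.
diagnose_eth() {
    line=$(mii-tool "$IFACE" 2>&1)
    echo "mii-tool: $line"
    case "$(link_state "$line")" in
        no-link) echo "no carrier on $IFACE: check the cable and switch port first"; return 1 ;;
        no-mii)  echo "driver exposes no MII status; continuing with address/route checks" ;;
    esac
    # net-tools prints "inet addr:" on old releases and "inet " on new ones; both match
    ifconfig "$IFACE" | grep -q "inet " || { echo "$IFACE has no IPv4 address"; return 1; }
    # ping's "no route to host" means no matching route or no ARP reply from the next hop
    route -n | grep -q "$IFACE" || { echo "kernel table has no route via $IFACE"; return 1; }
    if ping -c 1 -W 2 "$GATEWAY" >/dev/null 2>&1; then
        echo "gateway $GATEWAY answers"
    else
        echo "gateway $GATEWAY silent; look for an incomplete entry in arp -an"
        return 1
    fi
}

# Run with "run" as the first argument; defining the functions alone has no side effects.
case "${1:-}" in run) diagnose_eth ;; esac
```

A card that mii-tool reports as "no link" while the switch LED is lit usually means a duplex or media mismatch rather than a dead NIC; `mii-tool -F 100baseTx-FD eth0` forces the mode so the two sides can be compared.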
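The LAN port security thread above wants the mesh/wireless segment to reach the backhaul but never the wired LAN, which is the Red/Green/Orange split of a three-port firewall. The following is an added example, not code from the thread, from MeshAP or from any router firmware: it expresses that policy as iptables rules for a three-NIC Linux box (ipcop, a WRAP running Linux, or an old PC). Interface roles eth0/eth1/eth2 and the DRY_RUN switch are assumptions of the example; the INPUT rules assume that chain is otherwise empty.

```sh
#!/bin/sh
# Three-NIC Linux gateway: mesh/wireless clients may reach the backhaul but not the wired LAN.
# Added example, not MeshAP or WRAP code. Interface roles are assumptions:
WAN=${WAN:-eth0}      # backhaul, toward the DSL/cable router ("Red")
WIRED=${WIRED:-eth1}  # trusted wired LAN ("Green")
MESH=${MESH:-eth2}    # mesh AP / wireless clients, untrusted ("Orange")
DRY_RUN=${DRY_RUN:-0} # DRY_RUN=1 prints the iptables commands instead of running them

ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# The weak setting the thread runs into is the consumer-router default: every LAN port
# forwards to every other port. This replaces it with an explicit per-pair policy.
isolation_rules() {
    ipt -P FORWARD DROP
    ipt -F FORWARD
    ipt -t nat -F POSTROUTING
    # replies to the connections allowed below
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # wired LAN -> Internet
    ipt -A FORWARD -i "$WIRED" -o "$WAN" -j ACCEPT
    # mesh -> Internet only; mesh -> wired is logged and dropped so attempts are visible
    ipt -A FORWARD -i "$MESH" -o "$WAN" -j ACCEPT
    ipt -A FORWARD -i "$MESH" -o "$WIRED" -j LOG --log-prefix "mesh->wired: "
    ipt -A FORWARD -i "$MESH" -o "$WIRED" -j DROP
    # wired -> mesh stays closed too; add an ACCEPT here only if the wired side must manage the APs
    # The gateway itself is the one host the mesh segment may talk to: DHCP, DNS and ping
    # (assumes the INPUT chain is otherwise empty, as on a fresh box)
    ipt -A INPUT -i "$MESH" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -i "$MESH" -p udp -m multiport --dports 53,67 -j ACCEPT
    ipt -A INPUT -i "$MESH" -p icmp --icmp-type echo-request -j ACCEPT
    ipt -A INPUT -i "$MESH" -j DROP
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Run with "apply" as the first argument (as root); DRY_RUN=1 ./isolate.sh apply to review first.
case "${1:-}" in apply) isolation_rules ;; esac
```

The check that matters is the one the poster did by hand: from a wireless laptop, ping a wired host and watch for "mesh->wired:" lines in the kernel log; the ping must fail and the log line must appear. Putting the mesh box in a router's DMZ does not give this result because DMZ rules only shape traffic arriving on the WAN port.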
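Rob Davis's two commands for the second Ethernet card are given above; what a practitioner also wants is a version that does not double-add the card on a re-run and that lands in rc.local in the place the post names, below the fi after "Starting captive portal". The script below is an added example, not the post's or MeshAP's own code. The bridge and device names (br0, eth1) follow the post; the sysfs membership check is an assumption that needs a 2.6 kernel (on older kernels parse `brctl show` instead), and the rc.local sample it is exercised on is constructed here.

```sh
#!/bin/sh
# Add a second Ethernet card to the MeshAP bridge and persist it in rc.local.
# Added example; BRIDGE/DEV follow the post, the sysfs check is an assumption (2.6+ kernel).
BRIDGE=${BRIDGE:-br0}
DEV=${DEV:-eth1}

# Put DEV into BRIDGE unless it is already a member, so the script is safe to re-run.
add_bridge_member() {
    br=$1; dev=$2
    if [ -d "/sys/class/net/$br/brif/$dev" ]; then
        echo "$dev is already a member of $br"
        return 0
    fi
    ifconfig "$dev" 0.0.0.0 up && brctl addif "$br" "$dev"
}

# The two lines to persist, exactly as the post gives them.
bridge_cmds() {
    printf 'ifconfig %s 0.0.0.0 up\nbrctl addif %s %s\n' "$DEV" "$BRIDGE" "$DEV"
}

# Insert the text given as $1 after the "fi" that closes the block containing
# "Starting captive portal". Reads rc.local on stdin, writes the patched copy on stdout.
insert_after_captive_portal() {
    awk -v add="$1" '
        /Starting captive portal/ { seen = 1 }
        { print }
        seen && /^[ \t]*fi[ \t]*$/ { print add; seen = 0 }
    '
}

# Patch a real rc.local in place, skipping the edit if the brctl line is already there.
patch_rc_local() {
    f=${1:-/etc/rc.d/rc.local}
    if grep -q "brctl addif $BRIDGE $DEV" "$f"; then
        echo "$f already bridges $DEV"
        return 0
    fi
    insert_after_captive_portal "$(bridge_cmds)" < "$f" > "$f.new" && mv "$f.new" "$f"
}

# Constructed stand-in for the relevant part of a MeshAP rc.local, used by "demo".
SAMPLE_RC_LOCAL='#!/bin/sh
if [ -x /usr/sbin/captive ]; then
    echo "Starting captive portal"
    /usr/sbin/captive &
fi
echo "rc.local done"'

case "${1:-}" in
    demo)  printf '%s\n' "$SAMPLE_RC_LOCAL" | insert_after_captive_portal "$(bridge_cmds)" ;;
    apply) add_bridge_member "$BRIDGE" "$DEV" && patch_rc_local ;;
esac
```

Verify after `brctl addif` with `brctl show br0`: both cards must be listed under the same bridge, and a second run of the script must report the card as already a member rather than fail on addif. The note above that hostmapping and a static IP do not work with twin cards still applies; the bridge member is left without an address on purpose (0.0.0.0), so only br0 carries the node's IP.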